Searching Your Data

edit

You can search the indices that match the current index pattern by entering your search criteria in the Query bar. You can use the Lucene query syntax, the full JSON-based Elasticsearch Query DSL or Kuery, an experimental new query language built specifically for Kibana.

When you submit a search request, the histogram, Documents table, and Fields list are updated to reflect the search results. The total number of hits (matching documents) is shown in the toolbar. The Documents table shows the first five hundred hits. By default, the hits are listed in reverse chronological order, with the newest documents shown first. You can reverse the sort order by clicking the Time column header. You can also sort the table by the values in any indexed field. For more information, see Sorting the Documents Table.

To search your data, enter your search criteria in the Query bar and press Enter or click Search search button to submit the request to Elasticsearch.

By default, Kibana will accept either the Lucene query syntax or the Elasticsearch Query DSL in the Query bar. In order to use the new Kuery language you must enable language switching in Management > Advanced Settings via the search:queryLanguage:switcher:enable option. You can also change the default language with the search:queryLanguage setting.